DarkSword Hack: Apple Patches Older iPhones Despite User Resistance to Updates

by Priyanka Patel

Apple is taking the unusual step of releasing security patches for older versions of iOS, specifically iOS 18, to address a recently leaked hacking tool known as DarkSword. The move comes as security researchers warn that the exploit, which was publicly posted on GitHub last week, is already being used in targeted phishing campaigns, potentially impacting millions of iPhone users. This is the second time this month Apple has issued “backported” patches – security fixes for operating systems no longer receiving major updates – after addressing vulnerabilities exploited by the “Coruna” toolkit.

The decision to support iOS 18, despite encouraging users to upgrade to the latest version, iOS 26, highlights the seriousness of the DarkSword threat. Security firms Malfors and Proofpoint were among the first to raise alarms about the tool’s accessibility and its use by a Russian hacker group linked to the Kremlin’s FSB intelligence agency. Independent researcher Johnny Franks discovered active domains hosting malicious websites designed to infect US-based users with the DarkSword exploit as recently as Thursday, a finding corroborated by mobile security firm iVerify.

While Apple pushes updates to its latest operating system, a significant number of users remain on older versions. This isn’t necessarily due to negligence, but often stems from compatibility issues with essential apps or hardware limitations. Some users have also expressed frustration with recent iOS changes, like the new “Liquid Glass” design in iOS 26, which some find slow or visually jarring. Online forums, such as Reddit, are filled with users voicing concerns about forced updates and the perceived drawbacks of newer iOS versions. “Apple is trying to force you onto the dumpster fire that is liquid glass,” one Reddit user wrote, reflecting a sentiment echoed by others who question the necessity of updating.

A Rare Move for Apple: Backporting Security Fixes

Backporting security fixes is a relatively rare practice for Apple. Typically, the company focuses its security efforts on the latest operating system versions. However, the widespread availability of DarkSword and the active exploitation of its vulnerabilities prompted a change in strategy. “Apple is now, finally, doing this for the DarkSword exploits, but only after they were already being abused by other attackers, putting iOS users at risk,” said Patrick Wardle, a former NSA hacker and CEO of the Apple-device-focused security firm DoubleYou. “If protecting users actually matters, backporting critical fixes should be standard, not the exception.”

The DarkSword situation follows a similar pattern to the recent response to the Coruna hacking toolkit. Researchers at Google and iVerify revealed that Coruna, believed to have originated with the US government, had spread to profit-focused cybercriminals. Within a week, Apple released security fixes for iOS 17, addressing the vulnerabilities exploited by the toolkit. This demonstrates a growing trend of Apple responding to sophisticated, in-the-wild exploits even on older iOS versions.

Why iOS 18 Users Were Particularly Vulnerable

DarkSword’s ability to compromise iOS 18 devices presented a unique challenge. Rocky Cole, cofounder of iVerify, explained that many users on iOS 18 may have deliberately delayed upgrading to iOS 26 due to compatibility concerns with specific or custom-made applications. These apps, crucial for their workflows, may not function correctly on newer operating systems. Beyond app compatibility, other factors contribute to update reluctance, including limited storage space on devices and, more recently, new features like age verification added to iOS 26 in the UK, which some users have resisted, as reported by The Guardian.

The leaked nature of DarkSword significantly amplified the risk. Once posted on GitHub, the exploit kit became accessible to a wider range of malicious actors, increasing the potential for widespread attacks. The tool leverages a technique that allows attackers to remotely compromise iPhones through targeted phishing emails and malicious websites.

Understanding the DarkSword Exploit

While the technical details of the DarkSword exploit remain complex, it essentially allows attackers to bypass iOS security measures and gain unauthorized access to a device. This access can be used to steal sensitive data, install malware, or monitor user activity. The exploit reportedly works by leveraging vulnerabilities in the operating system’s kernel, the core of iOS. The fact that it was actively being used in phishing campaigns, as confirmed by iVerify, underscores the immediate threat it posed to iOS 18 users.

The situation highlights the ongoing arms race between security researchers and malicious actors. As vulnerabilities are discovered and patched, attackers continually seek new ways to exploit systems. The rapid response from Apple, while welcomed by security experts, also serves as a reminder of the constant need for vigilance and proactive security measures.

What Users Should Do

Apple has not yet officially detailed the specific security fixes included in the backported patches for iOS 18. However, users are strongly advised to install the update as soon as it becomes available through the device’s settings. It’s also crucial to exercise caution when opening emails or clicking on links from unknown sources. Verifying the authenticity of websites before entering any personal information is another essential security practice.

Looking ahead, Apple is expected to continue prioritizing security updates for all supported iOS versions. The company’s recent actions demonstrate a growing recognition of the importance of protecting users, even those who haven’t adopted the latest operating system. The next step will be monitoring the effectiveness of the patches and assessing any further threats that may emerge. Users can find more information about iOS security updates on Apple’s support website.

This is a developing story, and we will continue to provide updates as more information becomes available.
